From 605933c5168036d1cf7c1b734eb03d9a09597d7a Mon Sep 17 00:00:00 2001
From: kagla
Date: Thu, 18 Jun 2015 15:49:04 +0900
Subject: [PATCH 1/3] =?UTF-8?q?lo=5Furl=20=EC=9D=98=20XSS=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=ED=95=B4=EA=B2=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/current_connect.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/bbs/current_connect.php b/bbs/current_connect.php
index 686522564..5ad0e2a4e 100644
--- a/bbs/current_connect.php
+++ b/bbs/current_connect.php
@@ -12,6 +12,7 @@ $sql = " select a.mb_id, b.mb_nick, b.mb_name, b.mb_email, b.mb_homepage, b.mb_o
 order by a.lo_datetime desc ";
 $result = sql_query($sql);
 for ($i=0; $row=sql_fetch_array($result); $i++) {
+ $row['lo_url'] = get_text($row['lo_url']);
 $list[$i] = $row;
 if ($row['mb_id']) {
From 4d9e6be3944ec352a936fa703a6418291ca0f5ba Mon Sep 17 00:00:00 2001
From: chicpro
Date: Thu, 18 Jun 2015 17:33:21 +0900
Subject: [PATCH 2/3] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/current_connect.php | 1 +
 head.sub.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/bbs/current_connect.php b/bbs/current_connect.php
index 686522564..5ad0e2a4e 100644
--- a/bbs/current_connect.php
+++ b/bbs/current_connect.php
@@ -12,6 +12,7 @@ $sql = " select a.mb_id, b.mb_nick, b.mb_name, b.mb_email, b.mb_homepage, b.mb_o
 order by a.lo_datetime desc ";
 $result = sql_query($sql);
 for ($i=0; $row=sql_fetch_array($result); $i++) {
+ $row['lo_url'] = get_text($row['lo_url']);
 $list[$i] = $row;
 if ($row['mb_id']) {
diff --git a/head.sub.php b/head.sub.php
index bcfb4b9c2..96a8d8d27 100644
--- a/head.sub.php
+++ b/head.sub.php
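Review bot: `get_text()` is applied to `$row['lo_url']` at fetch time, so every later consumer of `$list` receives an already HTML-encoded URL; if the skin that prints it escapes again, or prints it inside an attribute with different escaping rules, the value ends up double-encoded or still encoded for the wrong context. Escaping belongs at the output statement in the skin, where the context is known; if it has to stay here, a comment such as `// HTML-encode lo_url once here; assumes the skin prints it without escaping — confirm` records that assumption so nobody adds a second encoding downstream. The identical hunk appears again in patch 2 of this series (same index 686522564..5ad0e2a4e), so one of the two copies is redundant. The for loop continues past the end of the hunk.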
@@ -23,8 +23,8 @@ else {
 // 게시판 제목에 ' 포함되면 오류 발생
 $g5['lo_location'] = addslashes($g5['title']);
 if (!$g5['lo_location'])
- $g5['lo_location'] = addslashes($_SERVER['REQUEST_URI']);
-$g5['lo_url'] = addslashes($_SERVER['REQUEST_URI']);
+ $g5['lo_location'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));
+$g5['lo_url'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));
 if (strstr($g5['lo_url'], '/'.G5_ADMIN_DIR.'/') || $is_admin == 'super')
 $g5['lo_url'] = '';
 /*
From 1b8069eec8f84551653a616a661b29a650bad029 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Thu, 18 Jun 2015 17:45:00 +0900
Subject: [PATCH 3/3] =?UTF-8?q?cf=5Finclude=5Fhead=20=EC=84=A4=EC=A0=95=20?= =?UTF-8?q?=EC=A0=81=EC=9A=A9=20=EC=BD=94=EB=93=9C=20=EC=9C=84=EC=B9=98=20?= =?UTF-8?q?=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 head.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/head.php b/head.php
index c27416c4e..cccc0f2db 100644
--- a/head.php
+++ b/head.php
@@ -1,6 +1,12 @@
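Review bot: The two rewritten lines run `clean_xss_tags()` on `$_SERVER['REQUEST_URI']` before the value is stored, so HTML filtering now happens on input while `addslashes()` is still the only thing protecting the SQL string; the read-side hunk in patch 1 already HTML-encodes `lo_url` with `get_text()` on output, so the same value is transformed under two different rules and the stored URL no longer matches what was actually requested. Output-time encoding covers the XSS concern on its own, and `addslashes()` is not a charset-aware SQL escape, so the database layer's own escaping function is the safer choice for a value that is presumably interpolated into an INSERT elsewhere. If the input-side filter is kept, compute it once — `$request_uri = addslashes(clean_xss_tags($_SERVER['REQUEST_URI']));` — and assign both `$g5['lo_location']` and `$g5['lo_url']` from it. The `else {` block named in the hunk header and the `/*` comment at the end continue outside the hunk.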